f78d82b2415db2e11c060f35651176cbc04289d8e5fadcfa3af032c0c2e7def8

Resubmissions

24-04-2024 16:50

240424-vb78xsdd83 10

Analysis

max time kernel
61s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
24-04-2024 16:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MUNDOLATINO_9.8.apk
Size

10.1MB
MD5

8b6621a29bbcb69c3318c18d781ce5e9
SHA1

7e82dbe6ce37e54e2cc34d57827f01b5c081d4ce
SHA256

f78d82b2415db2e11c060f35651176cbc04289d8e5fadcfa3af032c0c2e7def8
SHA512

23c78b5f0477d892f25c18171e5ac9c4129aad1650230dc5940ef30aa13e5cffbbcc1c54fd4a966abadae5a1044ac62302424d12ea9a94758dd9d7d77f8b8c5c
SSDEEP

196608:19kYd7pyOZVDutq54+TsDZnxLclh/281hGAmoSr/eersYyu5ZDBEGUpg:fk47E4pR5ri1ah/vHvK/frss

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

Processes:

mundolatino.apliblm

description	ioc	Process
File opened for read	/proc/meminfo	mundolatino.apliblm

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

mundolatino.apliblm

ioc	pid	Process
/data/user/0/mundolatino.apliblm/files/audience_network.dex	4190	mundolatino.apliblm
/data/user/0/mundolatino.apliblm/files/audience_network.dex	4190	mundolatino.apliblm

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

Processes:

mundolatino.apliblm

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	mundolatino.apliblm

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

mundolatino.apliblm

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	mundolatino.apliblm

Acquires the wake lock 1 IoCs

Processes:

mundolatino.apliblm

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	mundolatino.apliblm

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

mundolatino.apliblm

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	mundolatino.apliblm

mundolatino.apliblm
1⤵
- Checks memory information
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:4190

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/mundolatino.apliblm/databases/google_app_measurement_local.db

Filesize
16KB

MD5
1954adde6379241c1f9312f2863144fd

SHA1
2e758ca5624a53303495d46584a3589561dd0366

SHA256
57e925d0992924ae44981f027a446106de4a6d755fe87dea40f724d3b9869ea9

SHA512
0801655b3555300ca7fdf9f671e80a0b33342517a06f14dd4d952f86e91925d7034098f590fff5a9c75ff0440c5f490d02ae65962cbe7e9bae80ea58add42cd2

Download Submit
/data/data/mundolatino.apliblm/databases/google_app_measurement_local.db

Filesize
16KB

MD5
08ec2b330a305b613f997d48b187bb86

SHA1
6f64d04603877d2f75301947991a7dcc86ddd05c

SHA256
3f74cd803a80d9b9d9c9c1347c9b1fa7d3cc4f4fd304f2d92a2caba0c649c9ca

SHA512
aaf64a6df2777e2d569cd53bf45b73008ea6a31ff45e970e7be510389d5054155fd7f189c8e7fed3a3de328389f72e5e8e39ec2716017e1be278b7989303f358

Download Submit
/data/data/mundolatino.apliblm/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
c9a29a3288f38f80b68f81fa11851726

SHA1
646fcebe45441a24f93f3e87a46bae3bfccefba2

SHA256
66e61d9c5663562a1174acf8bfea6c6400d947b006fae5fb337eb38fa6b00103

SHA512
61f635e79391eb7e1eeef3a2048407f89c2e16f7c2c2bae2c560dd14c25a7c4969cc65160b9677c3018feb56c6103f229a9adea6dcd61d5e04ad25fc9733a4a8

Download Submit
/data/data/mundolatino.apliblm/databases/google_app_measurement_local.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/mundolatino.apliblm/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
9a951a402e54336aef77b495b81f834e

SHA1
56dfce8388335b0d32e4535a5e811a94c3e63100

SHA256
d228e228c24edaf1a8b59325a152f010f4cfa2f6f58a94024eef3137c7c57aae

SHA512
e2a05337fa524fe817d9c0b6fe90e25fc52228e681d3bd25ee8b63dd970bcb499c420a4ff133187697766fcc532ee16fd7ddc6bd6c99712364f8f7741c4ec0b7

Download Submit
/data/data/mundolatino.apliblm/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
1280693cd2f79132d4caed19a6d0c5aa

SHA1
ebda80b94e12e89f6867898d139a409036d3c046

SHA256
bfc2c343fdfcc3d9863ca347bd607152d62c16ef3ced2972e21de2d2f0864515

SHA512
f85b1c480ada7a8fc0fff9ec4cc1162d4a3285bbb43427ca16d4d81dae2399bd02943a99cc3675f4650e364773db8d0d9ec4e9a551c6f7e695a187a8b804b09a

Download Submit
/data/data/mundolatino.apliblm/files/audience_network.dex

Filesize
3.2MB

MD5
69cf159b893eefff9a8106cc3ee37e03

SHA1
165207adfe8c6047ce9f3dd38aed50796c1660d1

SHA256
26fb1a790377e11135bf8bfa7552cc2797d351df60154ea032ceeb4463776fdf

SHA512
379960366739517c1c856834227aaa1a30a20a9bab730d4229f200192f2c643b69a3e2e114dbdd743a69577e0b7b477c0d14e71c31ee491e137ec405f79e71aa

Download Submit
/data/data/mundolatino.apliblm/files/oat/audience_network.dex.cur.prof

Filesize
345B

MD5
462b51f5a40a427889e457383fdfb87f

SHA1
da03fc765beee49e11dcb4f5fb18ef4bd426d1d0

SHA256
cf8cbfb3cfb40260b6e25190f3449e29fcdcc5df4290dd9d3c7c8a2b0eab7c57

SHA512
8c6dc91a1373545a81c8317e733aaf861c32b85b0b74502497fc42c08375525bd5d1d3b67d8f60094f041012108ccfd330d5e798a8fbafd500dc09c3f8299cde

Download Submit
/data/data/mundolatino.apliblm/files/vinebre_ac.txt

Filesize
19B

MD5
964d34354b8397b801e3a2be1515ded8

SHA1
8a11d2c32ee3e015a85196275c8d12cf8b1cd413

SHA256
d841ee9bf591a3ac119cc284a6cc9d0ebd5e0e32d0fe9a5ff3925c83254dd919

SHA512
07d64ff9b52c6048681d312e71838c3e16ce672d0d651514bf5f74d07d9ff0eafd93f72899cbf489aee7f53549b5b868b36766a237640ec69bce45dedc216e29

Download Submit
/data/data/mundolatino.apliblm/no_backup/com.google.InstanceId.properties

Filesize
2KB

MD5
35bb42048470898aa87a5d1c052e6fa2

SHA1
7fe576961042adcae1c31539ac49f44993a7a37a

SHA256
7f7d1061cfd742a352a59bb6e6dfb4ce99a1ca5fb08178a634b896d26ab973ec

SHA512
d2e17cbf10debfd525233bf92d401bf905892aa49c0f6626c0cdc19e7aad31b07e1fb2cdaeaacb7d1063b326d536246e10e7a661ec0af45b076263f0efce46a3

Download Submit